Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
| Path | csiph.com!optima2.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Samuel Thibault <samuel.thibault@gnu.org> |
| Newsgroups | gnu.hurd.help |
| Subject | Re: Combining Hurd and Qubes OS for security reasons? Possible? |
| Date | Sat, 19 Dec 2015 23:28:43 +0100 |
| Lines | 30 |
| Approved | help-hurd@gnu.org |
| Message-ID | <mailman.233.1450564132.843.help-hurd@gnu.org> (permalink) |
| References | <CAB=Lj3T9dABDCnfiPFmui45WdZSVvpGs6rMX=PBVR6O94Es-Ug@mail.gmail.com> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| X-Trace | usenet.stanford.edu 1450564133 11093 208.118.235.17 (19 Dec 2015 22:28:53 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | help-hurd@gnu.org |
| To | David Renz <sun.kisses.horizon@gmail.com> |
| Envelope-to | help-hurd@gnu.org |
| Content-Disposition | inline |
| In-Reply-To | <CAB=Lj3T9dABDCnfiPFmui45WdZSVvpGs6rMX=PBVR6O94Es-Ug@mail.gmail.com> |
| User-Agent | Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30) |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] |
| X-Received-From | 140.77.166.138 |
| X-BeenThere | help-hurd@gnu.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | Users list for the GNU Hurd <help-hurd.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/help-hurd>, <mailto:help-hurd-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/help-hurd> |
| List-Post | <mailto:help-hurd@gnu.org> |
| List-Help | <mailto:help-hurd-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/help-hurd>, <mailto:help-hurd-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.hurd.help:354 |
Show key headers only | View raw
Hello, David Renz, on Fri 18 Dec 2015 19:26:53 +0100, wrote: > E. g., there are so-called 'ACPI'- or 'BIOS-Rootkits', which are capable of manipulating > Windows as well as Linux systems. Since Hurd follows a different approach of > accessing hardware components, I often wondered whether this could make it > resistent against those kind of rootkits, It will most probably be resistent to windows- and linux-oriented rootkits, since the implementation is different. If there are flaws in the ACPI implementation of GNU Mach, there are probably ways to rootkit it. GNU Mach however currently uses ACPI only for shutting the system down, so the exposure is low. We'd however need it to eventually work with multicore processors. > Wouldn't it potentially increase one's security by many times, if one would be > able to let (e. g.) Debian Hurd as a template VM on top of a Qubes OS system? Well, that'll replace the GNU Mach ACPI implementation with the Xen implementation, i.e. trading one security surface by another. Since the Xen one is well-tested, that can be a good trade :) > I'm sure it would be really difficult to put this idea into practice, but > basically this should be possible to do, or am I missing a fact which make this > be impossible? GNU Mach is already ported to Xen, so it should be fine with Qubes. Samuel
Back to gnu.hurd.help | Previous | Next | Find similar
Re: Combining Hurd and Qubes OS for security reasons? Possible? Samuel Thibault <samuel.thibault@gnu.org> - 2015-12-19 23:28 +0100
csiph-web